GIAC GSLC Exam Dumps & Practice Test Questions
Question No 1:
You work as a Network Administrator at Tech Perfect Inc., a company operating a Windows Server 2008 network with a single forest and domain-based Active Directory. Recently, the company issued 50 laptops to its sales team, which need to connect to an 802.11 wireless network to access data on a server located in a wired network.
The network should be set up to prevent unauthorized access and protect data from being intercepted. Additionally, the sales team members should not be able to communicate directly with each other.
What steps should you take to meet these requirements?
A. Implement IEEE 802.1X authentication for the wireless network.
B. Configure the wireless network to use WEP encryption for data transmitted over the wireless network.
C. Implement open system authentication for the wireless network.
D. Use Group Policies to restrict wireless computers to infrastructure networks only.
E. Use Group Policies to allow wireless computers to connect only to ad hoc networks.
Answer:
A. Implement IEEE 802.1X authentication for the wireless network.
D. Use Group Policies to restrict wireless computers to infrastructure networks only.
Explanation:
IEEE 802.1X Authentication (Option A):
Implementing 802.1X ensures that only authorized devices and users can access the wireless network. It provides a strong authentication method through a RADIUS server, which helps prevent unauthorized access.Restricting to Infrastructure Networks (Option D):
By enforcing a policy that allows connections only to infrastructure networks, you prevent devices from connecting in ad hoc mode, where they can communicate directly with each other. This is essential for avoiding potential security breaches.
Why Not the Other Options?
WEP Encryption (Option B): WEP is outdated and easily cracked, making it unsuitable for securing the network. More secure options like WPA2 or WPA3 should be used instead.
Open System Authentication (Option C): This method allows any device to connect without authentication, posing a major security risk.
Ad Hoc Networks (Option E): Allowing the use of ad hoc networks would expose the system to unnecessary security threats by enabling devices to communicate directly.
Question No 2:
You are working as a Network Administrator in an enterprise, tasked with deploying Windows 2000 and other applications across multiple computers. Installing these components manually on each machine is time-consuming and inefficient. You decide to automate the installation of both the operating system and applications.
Which installation tasks can be automated? Choose all that apply.
A. Service Packs for Windows 2000 Server
B. Any application that does not run as a service
C. Additional language support for Windows 2000 Server via language packs
D. Any application that runs as a service
E. The core operating system of Windows 2000 Server
Answer:
A. Service Packs for Windows 2000 Server
B. Any application that does not run as a service
C. Additional language support for Windows 2000 Server via language packs
E. The core operating system of Windows 2000 Server
Explanation:
Automated installations are commonly performed using tools like Unattended Installation or Remote Installation Services (RIS). These tools allow for the seamless deployment of operating systems and software across many machines without manual intervention.
Service Packs (Option A): Installing service packs can be automated using tools like batch scripts or Windows Update, making the process more efficient.
Non-Service Applications (Option B): Applications that don't run as services can be automated using tools like Sysprep, which allow for silent installations without user interaction.
Language Packs (Option C): Language packs can be installed automatically during the OS setup, enabling a localized experience for users.
Core OS Installation (Option E): The core operating system can be fully automated, including settings like disk partitioning and network configuration, by using Sysprep or unattended setup scripts.
Non-Automated Installation:
Service Applications (Option D): While these applications can be deployed, they often require manual configuration due to their complexity and interaction with system services.
Question No 3:
Which of the following fence heights is most effective in deterring casual trespassers while still allowing individuals with a more determined intent to trespass to access the area?
A. 3 to 4 feet
B. 2 to 2.5 feet
C. 8 feet
D. 6 to 7 feet
Answer: A. 3 to 4 feet
Explanation:
A fence's height is a key factor in determining its effectiveness in preventing trespassing. A 3 to 4 feet fence strikes a balance by deterring casual trespassers while still being low enough for determined individuals to bypass if needed.
3 to 4 feet (Option A): This height is sufficient to deter casual trespassers without making it too difficult for those with more serious intent to get past.
2 to 2.5 feet (Option B): This is too low to be an effective barrier against trespassers.
6 to 7 feet (Option D) and 8 feet (Option C): These higher fences are better suited for high-security areas, where even determined trespassers need to be kept out. They may not be necessary for casual trespassing scenarios.
Question No 4:
Victor plans to use Wireless Zero Configuration (WZC) on his Windows XP computer to connect to a wireless network. What security threats might his system face in this scenario? Select two potential threats.
A. An attacker could exploit the Ping Flood Denial of Service (DoS) attack if WZC is enabled.
B. Information about networks Victor's computer probes for could be captured with a wireless analyzer, revealing details that could compromise the system.
C. An attacker could set up a fake wireless network with a high-power antenna, causing Victor's computer to connect to it and allowing unauthorized access.
D. WZC lacks the option for configuring encryption and MAC filtering, which makes securing wireless communication more difficult.
Answer:
B. Information about networks Victor's computer probes for could be captured with a wireless analyzer, revealing details that could compromise the system.
C. An attacker could set up a fake wireless network with a high-power antenna, causing Victor's computer to connect to it and allowing unauthorized access.
Explanation:
Wireless Zero Configuration (WZC) simplifies wireless network connection but also introduces security vulnerabilities, especially when proper security measures aren't in place.
Threat B: WZC sends probe requests for available networks, which can be captured by attackers using a wireless analyzer. This gives attackers valuable information about the networks Victor is trying to connect to, which could be used to launch attacks.
Threat C: The "Evil Twin" attack is a risk when using WZC. An attacker can set up a fake network with a stronger signal, tricking Victor's computer into connecting to it. This could allow the attacker to intercept data or gain unauthorized access to Victor's system.
Question No 5:
Mark is a Network Administrator at Infonet Inc., managing a Windows 2000 Active Directory domain-based network. The company has 100 client computers running Windows XP Professional. Mark is tasked with deploying an 802.11 wireless LAN across the organization, and the security policy requires using WEP encryption to secure all wireless connections.
How should Mark configure the wireless access points (APs) and client computers to meet the security policy, ensuring both automatic connection and protection against unauthorized devices?
Select three actions needed to comply with the company’s security policy.
A. Set the wireless LAN authentication type to Open System.
B. Install firewall software on each wireless access point.
C. Set the wireless LAN authentication type to Shared Key.
D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.
E. Enable SSID Broadcast to allow clients to connect to the access point.
F. Add the SSID for the wireless LAN as a preferred network on each client computer.
Answer:
C. Set the wireless LAN authentication type to Shared Key.
D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.
F. Add the SSID for the wireless LAN as a preferred network on each client computer.
Explanation:
To meet the security requirements and allow automatic connection, Mark needs to implement the following:
Shared Key Authentication (Option C): This requires clients to authenticate using the correct WEP key, which adds an extra layer of security over Open System authentication.
Disabling SSID Broadcast and MAC Filtering (Option D): Disabling SSID broadcast prevents unauthorized users from detecting the wireless network, while MAC filtering ensures that only authorized devices can connect.
Adding the SSID to Client Computers (Option F): Configuring the client computers to automatically connect to the preferred network ensures smooth connection and compliance with the security policy.
Question No 6:
You and your project team have just begun the risk identification phase for a project that is planned to run for 18 months. Your team has already compiled an extensive list of potential risks that require thorough analysis.
How often should you and your team conduct risk identification activities throughout the project's lifecycle?
A. Risk identification is an iterative process.
B. At least once per month.
C. The frequency depends on the number of risks initially identified.
D. Several times until the project moves into execution.
Answer: A. Risk identification is an iterative process.
Explanation:
Risk identification is an ongoing and iterative process that should be conducted regularly throughout the project lifecycle, rather than being limited to a one-time event at the project's start. While the team may identify numerous risks initially, the project's environment, scope, stakeholders, and external factors can evolve, requiring frequent updates and additional risk assessments.
For a project lasting 18 months, risk identification must remain dynamic. Changes in project conditions, unforeseen challenges, and lessons learned can introduce new risks or alter existing ones. As the project progresses through planning, execution, monitoring, and closing, the team may uncover additional risks tied to new tasks, changes in resources, or external factors previously unknown.
An iterative approach to risk management helps address emerging risks proactively by revisiting and reassessing them as the project evolves. It ensures ongoing identification and management of risks, with updated mitigation or contingency plans.
Simply identifying risks monthly (Option B) or based on the number of risks initially identified (Option C) doesn't fully capture the dynamic nature of the project. Risk identification must adapt to the project's changing conditions, not be fixed to a schedule or limited to an initial count of risks.
Thus, the best practice is to conduct risk identification iteratively throughout the project, allowing for timely identification and effective management of new risks.
Question No 7:
As a project manager for the TYU project, you are developing a risk mitigation plan. You aim to identify risks that require a more detailed evaluation to ensure effective management.
Which of the following activities is most appropriate for identifying the risks that need a deeper analysis?
A. Qualitative analysis
B. Quantitative analysis
C. Risk identification
D. Estimate activity duration
Answer: B. Quantitative analysis
Explanation:
Effective risk management is essential for minimizing potential negative impacts on a project's objectives. As a project manager, you need to assess and prioritize risks to identify those that require more in-depth analysis. The most suitable activity for identifying risks that need a deeper evaluation is quantitative analysis.
Quantitative analysis involves numerically analyzing the probability and impact of risks, typically using mathematical models or statistical techniques. This helps assess the severity of risks in terms of cost, time, or scope. Methods like Monte Carlo simulations or decision trees provide data to estimate the impact of risks on the project's goals and determine which ones could disrupt the project significantly. Quantitative analysis offers concrete data for prioritizing risks, allocating resources, and developing focused mitigation strategies.
While qualitative analysis (Option A) is valuable for evaluating risks based on likelihood and impact, it provides more subjective assessments and does not provide the detailed numerical data required for deeper evaluation.
Risk identification (Option C) is the first step in risk management, where risks are recognized and documented. However, it does not address the level of analysis needed for prioritizing risks for further investigation.
Estimate activity duration (Option D) is part of schedule management and focuses on determining the time each activity will take. While important, it is unrelated to risk analysis.
Therefore, quantitative analysis is the best approach for identifying and evaluating risks that require more detailed mitigation planning.
Question No 8:
Your project team has entered the phase of risk identification for a project with a planned duration of 18 months. An extensive list of potential risks has already been compiled by your team, but these need a deeper analysis.
How often should risk identification be carried out throughout the lifecycle of the project?
A. Risk identification must be a recurring process.
B. At least once each month.
C. The frequency depends on how many risks were initially identified.
D. Multiple times before the project enters the execution phase.
Answer: A. Risk identification must be a recurring process.
Explanation:
Risk identification is not a one-off task but an ongoing and evolving process that must be revisited regularly throughout the life of the project. Even after a comprehensive list of risks is compiled during the initial stages, numerous factors can change throughout the project, including the project's environment, stakeholder interests, resources, and external variables. Because of this, regular updates to the risk register and further risk assessments are needed to ensure that any new risks are identified and appropriately managed.
In projects with a long timeline, like one set for 18 months, risk identification must be dynamic. At the beginning of the project, there may be many identified risks, but these may change in nature or significance as the project progresses through its various stages—planning, execution, monitoring, and closing. As new tasks are added, or unexpected challenges arise, fresh risks may come to light.
Additionally, as the project team learns more during the execution phase, it may uncover new risks or even reassess previously identified risks. These changes in the risk landscape require risk identification to remain a continuous, iterative activity, ensuring that mitigation or contingency plans are always up-to-date and relevant.
Simply identifying risks once a month (Option B) or depending solely on the number of risks initially identified (Option C) would not fully reflect the dynamic nature of risk management. Risks evolve, and the risk identification process must adapt to these changes, ensuring that any new risks are immediately addressed.
Therefore, it’s considered best practice to conduct risk identification as a recurring, iterative process throughout the entire project lifecycle to capture and address emerging risks.
Question No 9:
In your role as the project manager for the TYU project, you are now working on formulating a risk mitigation strategy. The goal is to pinpoint those risks that require a more thorough evaluation in order to handle them effectively.
Which activity is most suited for identifying the risks that require detailed analysis?
A. Risk assessment through qualitative methods
B. Detailed evaluation through quantitative techniques
C. Recognizing and listing risks
D. Estimating the duration of project activities
Answer: B. Detailed evaluation through quantitative techniques
Explanation:
To mitigate potential risks effectively, the process of analyzing them in depth is crucial. As a project manager, you need to carefully assess which risks could potentially disrupt your project and require a more in-depth analysis. The most suitable approach for identifying these risks is through quantitative analysis.
Quantitative analysis goes beyond basic assessments and uses numerical data to measure the potential impact of risks. This approach typically employs mathematical models or statistical techniques such as Monte Carlo simulations or decision trees to estimate the likelihood and consequences of various risks. This provides concrete, data-driven insights into the severity of risks in terms of factors like cost, time, and scope, helping you prioritize which risks need the most attention.
For example, by using quantitative analysis, you can determine how a particular risk, such as a delay in supply chain delivery, will impact the overall project timeline and budget. This detailed approach helps to prioritize risks based on their potential severity and provides valuable information to formulate targeted mitigation strategies.
While qualitative analysis (Option A) is useful for categorizing risks by their probability and impact, it doesn't offer the same level of detailed, data-driven insights that quantitative analysis provides. Qualitative analysis typically relies on subjective judgment, grouping risks as high, medium, or low, but it lacks the detailed quantification required for deep evaluation.
Risk identification (Option C) is the first step in the risk management process, where risks are identified, but it doesn’t provide a detailed, data-based evaluation of each risk’s potential severity.
Estimating the duration of project activities (Option D) is part of the scheduling process, not directly related to identifying risks or analyzing their impact.
Therefore, using quantitative analysis is the best approach to evaluate and prioritize risks that demand a more detailed examination to develop effective mitigation plans.
Question No 10:
As a project manager in charge of a long-term project, you are required to decide when to update the risk management plan. Given the nature of your project, when should you update the risk management plan to ensure it stays relevant?
A. When the project's scope changes significantly.
B. After identifying a new risk.
C. Only after the project completes its first milestone.
D. Once the project has entered its execution phase.
Answer: A. When the project's scope changes significantly.
Explanation:
The risk management plan should be regularly updated throughout the project lifecycle to reflect changes in the project environment. One of the most critical times to update this plan is when there is a significant change in the project's scope. The scope defines the work required to complete the project, and any modifications to this scope—such as adding new tasks, changing deliverables, or altering objectives—can introduce new risks or alter existing ones.
For example, if a new requirement is added, it could bring with it risks related to resources, time constraints, or technical challenges. Updating the risk management plan after such changes ensures that all potential risks are assessed, mitigated, and that contingency plans are in place.
While identifying a new risk (Option B) is important, the risk management plan is meant to address larger changes, not just individual risks. Simply identifying a new risk doesn’t necessarily warrant an update to the entire plan unless it is part of a broader change.
Waiting until the project has completed its first milestone (Option C) or entered the execution phase (Option D) are not ideal times to update the risk management plan. These stages might reveal some issues, but the plan should be updated as soon as major changes to the project scope or environment occur.
Thus, to ensure that the project stays on track and risks are adequately addressed, the plan must be updated whenever there are significant changes to the project’s scope.
